This Page Is Inserted by IFW Operations 
and is not a part of the Official Record 



BEST AVAILABLE IMAGES 

Defective images within this document are accurate representations of 
the original documents submitted by the applicant. 

Defects in the images may include (but are not limited to): 

• BLACK BORDERS 

• TEXT CUT OFF AT TOP, BOTTOM OR SIDES 

• FADED TEXT 

• ILLEGIBLE TEXT 

• SKEWED/SLANTED IMAGES 

• COLORED PHOTOS 

• BLACK OR VERY BLACK AND WHITE DARK PHOTOS 

• GRAY SCALE DOCUMENTS 

IMAGES ARE BEST AVAILABLE COPY. 



As rescanning documents will not correct images, 
please do not report the images to the 
Image Problem Mailbox. 



PCT 



WORLD INTELLECTUAL PROPERTY ORGANIZATION 
International Bureau 




INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Classification 6 : 
G07C 9/00, G07F 7/10 



Al 



(11) International Publication Number: WO 98/13791 

(43) International Publication Date: 2 April 1998 (02.04.98) 



(21) International Application Number: PCT/US96715509 

(22) International Filing Date: 27 September 1996 (27.09.96) 

(71) Applicant: WESTINGHOUSE ELECTRIC CORPORATION 

[US/US J; 1 1 Stanwix Street, Pittsburgh, PA 15222 (US). 

(72) Inventors: NELSON, Robert, A.; Route I, Box 5555, Richland, 

WA 99352 (US). GRAMBIHLER, Anton. J.; 2008 Davison 
Avenue, Richland, WA 99352-2015 (US). 

(74) Agents: STEVENS, Walter, S. et al.; Wcstinghouse Electric 
Corporation, 1 1 Stanwix Street, Pittsburgh. PA 15222 (US). 



(81) Designated States: AU, CN, JP, KR. NO, European patent 
(AT, BE, CH. DE, DK. ES, FI, FR. GB, GR. IE. IT, LU. 
MC, NL. PT, SE). 



Published 

With international search report. 



(54) Title: APPARATUS AND METHOD FOR PERSONAL IDENTIFICATION 




User Card 



Computer 
System 
Interface 



Biometric 
Scanner 



<3> 



(57) Abstract 



There is provided by this invention a personal identification card for gaining access to controlled areas or computer systems having 
a microprocessor combined therein that has stored in its memory personal trait characteristics of the individual user. The microprocessor 
also has st red algorithms for comparing the personal trait characteristics stored in the card with personal trait characteristics inputted from 
an external device. Stored algorithms are used to update the personal stored traits. The microprocessor verifies the identity of the user of 
the card. A security system within the microprocessor protects the stored personal trail characteristics and restricts access to the card. 
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APPARATUS AND METHOD FOR PERSONAL IDENTIFICATION 

BACKGROUND OF THE INVENTION 
Field of the Invention 
The U.S. government has a paid-up license in this 
invention and the right in limited circumstances to 
require the patent owner to license others on reasonable 
terms as provided for by the terms of contract No. 
DE-AC06-87RL10930 award by the United States Department of 
Energy . 

This invention relates generally to means for gaining 
access to controlled area6, but more particularly, to card 
systems for gaining access to secured buildings and facil- 
ities or to secured computer systems. This invention has 
broad applications in systems where bank cards, credit 
cards, or other types of plastic cards are used to gain 
access to automated financial transaction systems, and 
also to computer controlled systems where plastic cards 
are us d for ent ring and 1 aving controlled buildings or 
other types of facilities. This invention also relates to 
applications where access to the information stored on the 
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card is restricted by a security system. Traditionally, 
these cards have a coded magnetic strip that allows the 
user to pass the strip through a reader which authorizes 
the user to gain access to the computer controlled system. 
Early versions of these basic systems allowed any holder 
of the card to gain entry to the system regardless of 
whether the holder was an authorized user or not. Later, 
these basic systems were supplemented with an additional 
identification means such as a PIN number or a password 
that had been previously stored in the computer memory. 
The holder of the card had to enter the identification 
into the system to prove he wbb an authorized user. These 
systems proved to be ineffective because the authorized 
user oftentimes forgot the password or PIN number and, in 
some cases, the PIN number and password were obtained by 
duress or theft or some other unauthorized means. 

Then, systems were developed where a personal physi- 
cal trait was actually stored on the card. These physical 
traits could be handwriting samples, photographs, or 
fingerprints. In these type systems, the personal trait 
that was stored on the identification card was also stored 
in a computer memory bank. When the user attempted to 
gain access to the secured system, the user would input 
the card to a reader or scanner that read the digitized 
25 personal information trait from the card and inputted it 
into the main computer memory bank. The main computer 
would then retrieve the stored information from its memory 
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bank and make a comparison of the information inputted 
from the reader. If the personal physical traits read on 
the card matched the personal traits stored in the main 
computer, then the user was authorized to gain access to 
the system. However, if there was not a match, then the 
user was denied access to the system. Such systems were 
disclosed in U.S. patent no. 5,214,699, issued May 25, 
1993, to Midora Monroe, et al. See also U.S. patent no. 
4,636,622, issued to Clemet Clark, on January 13, 1987. 
These systems were typical of systems that used identifi- 
cation cards to gain access to controlled areas or compu- 
ter systems . 

However, even these systems had major drawbacks. 
When personal identification traits and identities were 
stored in a centralized database where there were many, 
many users, databases of enormous size and expense were 
required. Inordinate delays were usually encountered when 
many users tried to gain access to the system simulta- 
neously. They also require extensive communication 
between the remote access points and the central database. 

Accordingly, other systems have been developed which 
require the uBer to place his personal identification card 
in a reader and then re-enter his personal identification 
trait in a real time on-line scanner. For instance, when 
a personal identificati n trait is a picture, a camera, 
located at the remote site, re-enters the user's picture 
into the system for comparison. Other systems may have 
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fingerprint scanners to read actual fingerprints or voice 
scanners compare actual voices with voiceprints stored on 
the identification cards. In these systems, the informa- 
tion read from the on-line scanner is fed to a main compu- 
ter along with the information read from the identifica- 
tion card and a comparison is then made. If there is a 
match, then the user is allowed access to the system. 
These types of systems are disclosed in U.S. patent no. 
4,993,068, issued to Gerald Piosenka, et al., and U.S. 
patent no. 5,229,764, issued to Noel Matchett, et al. See 
also U.S. patent no. 5,191,608, issued March 2, 1993, to 
Francois Geronimi wherein a secret code is coded in the 
microprocessor of the identification card which must be 
matched before the card is operational by the user. 
15 However, these systems also have a major drawback. 

That is, they allow the personal trait information stored 
on the card to be read by an unknown or unfriendly compu- 
ter. This type of technique compromises the security of 

the overall system. 

It is an object of this invention to provide an 
identification card or smart card for use with an identi- 
fication and access system wherein the personal identifi- 
cation trait stored on the smart card cannot be obtained 
by unauthorized users. 
25 It is als an object to provide a system which may b 

used by numerous users without requiring a large central- 
ized databas . It is a still further object of this 
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invention to provid a multipurpose smart card which 
allows the user to gain access to a variety of different 
facilities or computer systems. 

It is a further object of this invention to maintain 
secret information in the card that will not be released 
until the card holder proves his identity to the card. In 
all cases the identity verification takes place in the 
card. 

Summary of the Invention 
There is provided by this invention a portable 
device, preferably a personal identification card or smart 
card which contains a microprocessor with means for stor- 
ing personal identification traits such as fingerprints, 
hand geometry, voiceprints, etc., in the memory of the 
15 microcomputer; biometric detection means such as a reader 
comprising a means for reading digitized data of personal 
identification traits template received from an external 
scanner; and means for comparing the inputted personal 
identification traits from the external scanner with the 
personal identification traits stored in programmable 
memory of the microprocessor. Upon obtaining a match of 
the stored personal identification traits and the scanned 
identification traits, the smart card allows access to a 
secured facility or computer system or the smart card it- 
s If. The smart card also contains s curity features 
which prevent any information from being inputted to the 
microprocessor fr m unauthorized computers. 
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nr<pf n eac ^r*-i°" of the Drawings 
Figure 1 is a simplified block diagram of the smart 
card interfacing with a computer system in accordance with 
the principles of this invention; 

Figure 2 is a block diagram of the architecture of 
the microprocessor utilized on the smart card in accor- 
dance with the principles of this invention; and 

Figure 3 is a flow chart illustrating the method of 
operation of the smart card in accordance with the princi- 

pies of this invention. 

nr1 ^ n-^^ ption of Preferred Embodiment 
There is shown in Figure 1 a personal identification 
system shown indicated generally at 10 that allows a user 
to gain access to controlled facilities or areas, or con- 
trolled computer system files in the smart card micro- 
processor. A person attempting to gain access to the sys- 
tem must have a user card 12 which may be a commonly used 
plastic card such as a credit card or other identification 
card which has contained therein a microprocessor general- 
ly referred to as 14. The user must connect the micro- 
processor to a computer system interface 16 by connecting 
serial communication, power, reset, and timing signal 
lines not shown but well known to those skilled in the art 
that allows the microprocessor and the computer system 
interface to communicate. The computer system interface 
is usually at a remote site so it is accessible to th 
user and is conn ct d to a computer system not shown. 
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Also at the remote site is a biometric scanner 18 that is 
connected to the computer system interface 16 so that the 
microprocessor 14 and the biometric scanner 18 can pass 
information. The biometric scanner 18 may be any number 
of scanners well known in the art such as fingerprint 
scanners, voiceprint digitizers, hand geometry scanners, 
etc. Once the microprocessor 14 is connected to the com- 
puter system interface 16, the system will prompt the user 
to input information into the biometric scanner 18 for 
comparison in a manner hereinafter described. 

Referring to Figure 2, there is shown a block diagram 
of the architecture of the microprocessor 14. Connected 
to the internal bus 20 are addressing logic circuits 22 
and control and test registers 24 for the erasable, pro- 
15 grammable read only memory (EPROM) or similar device 26 
and the electrical erasable programmable read only memory 
(EEPROM) or similar device 28 which contains the templates 
for the biometric identification information and compari- 
son and update codes. Also connected is an application 
20 read only memory (ROM) or similar device 30 and a data 
random access memory (RAM) 32. A CPU 34 is utilized to 
make the comparisons between the biometric template store 
and the biometric template input in a manner that will be 
hereinafter described. Finally, the microprocessor con- 
25 tains an input/output interface 36 and security logic con- 
trol 38. 
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Alth ugh this system will work with any biometric 
identity verification trait, such as voiceprints or 
fingerprints, in the present invention hand geometry bio- 
metric information is used. When the card is issued to 
5 the user, a hand geometry template of the user is made, 
the information is digitized and inputted into the 
EEPROM 28. The microprocessor is programmed to make 
partial updates of the hand geometry template stored in 
the card. The template update accounts for subtle hand 
10 changes (e.g., fingernail growth and weight gain). The 
security logic circuits of the microprocessor protects the 
template and requires terminal verification before 
processing any International Organization for Standardiza- 
tion format command. The program maintains template 
15 integrity using an error detection code and an invalid 
access attempt count. 

Figure 3 illustrates a flow chart that demonstrates 
the method of operation during identification of the user. 
When the card user inserts the card 12 into the computer 
20 system interface 16 and the microprocessor 14 is connected 
within the computer interface, the computer system inter- 
face challenges the user card to authenticate itself with 
a randomly generated security code. If the proper 
response is computed, the card is authenticated. If not, 
25 the computer system stops and th user is denied access. 
The system then prompts the user to place his hand in the 
hand scanner and a hand template is digitized by the hand 
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scann r 18. However, before this information is processed 
by the user card 12, the user card authenticates the 
terminal by challenging the terminal with a randomly 
generated security code. If the terminal security code is 
present, the template is made available to the user 
card 12. If it is not available, the system stops and the 
user is denied access. Once the hand template is avail- 
able and the retry count has not been exceeded, the card 
requests that the hand template be sent to the card. The 
system denies access if the identity is unknown and th 
retry count is exceeded. The smart card then temporarily 
stores the hand template in the random access memory 
(RAM) 32 and retrieves the pre-stored hand template from 
the (EEPROM) 28. An algorithm stored for making a compar- 
15 ison is then used by the CPU 34 to compare the previously 
stored hand template with the hand template received from 
the scanner IB. The hand geometry comparison and update 
algorithm allows an update to be made to the stored tem- 
plate when a predetermined maximum score is made as a 
20 result of the comparison. The updated template then is 
stored and becomes the new stored template for comparisons 
for future entry attempts. When the computer Bystem 
interface requests the results from the card, the holder 
is either identified and the user is granted access by the 
25 system or to the card, or the holder is not identified and 
the system denies access . 
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It can be readily seen that there is provided by this 
invention a novel, personal identification system wherein 
a personal identification card (smart card) has stored 
therein on a microprocessor system a template of biometric 
identification traits, such as hand geometry, which is 
protected from unauthorized or unfriendly computers by a 
security logic system. Once a computer system has been 
authenticated, then the smart card prompts the computer 
system to request a hand geometry scan which is digitized 
and sent to the smart card. Hand geometry algorithms and 
update algorithms stored in the smart card are compared 
with the hand geometry scan. Thus, every individual user 
of the system who has a smart card carries his template in 
his own microprocessor and relieves the main computer sys- 
tem from requiring excessive and expensive data storage 
space when there may be many thousands of potential users . 

This invention provides a smart card where the bio- 
metric comparison occurs in the microprocessor of the 
smart card. 

Although there has been illustrated and described 
specific detail and structure of operation, it is clearly 
understood that the same were merely for purposes of illus- 
tration and that changes and modifications may be readily 
made therein by those skilled in the art without departing 
from the spirit and the scope of this invention. 
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What is claimed is: 

1. A personal identification system for controlling 
access to a protected system , comprising: 

a) a portable device containing a microproces- 
sor means disposed to be inputted into a computer system 
interface means for controlling access to the secure area 
or computer system; 

b) biometric reader means connected to the 
computer system interface means for detecting personal 
trait characteristics of an individual seeking access and 
producing a digitized output of the personal trait charac- 
teristics; 

c) programmable memory means within the micro- 
processor means for storing previously recorded biometric 
personal trait characteristics; 

d) comparative means within the microprocessor 
means for comparing the previously stored personal trait 
characteristics in the programmable memory means with the 
output of th biometric detection means for verifying the 
identity of the individual seeking access; 
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e) output means within the microprocessor 
means for producing an output signal resulting from the 
comparison made in the comparative means to the computer 
interface means for enabling or disabling access of the 

5 individual to the secured areas or computer system; and 

f) security means within the microprocessor 
means wherein access to the personal trait characteristics 
is protected and restricted. 

2. A personal identification system as recited in 
10 Claim 1 wherein the portable device is a card. 

3. A personal identification system as recited in 
Claim 2 wherein the card is plastic, 

4. A personal identification system as recited in 
Claim 3 wherein the biometric detection means is comprised 

15 of a scanner for digitizing the hand geometry of the 
individual seeking access. 

5. A personal identification system as recited in 
Claim 4 wherein the biometric detection means is a 
receiver for digitizing voiceprints of the individual 

20 seeking access. 

6. A personal identification system as recited in 
Claim 5 wherein the programmable memory means updates the 
previously recorded personal trait characteristics with 
the digitized output of the biometric detection means. 

25 7. A personal identification system as recited in 

Claim 6 wherein the protected system is a controlled area 
or facility. 
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8. A personal identification system as recit d in 
Claim 7 wherein the protected system is a computer system. 

9. A portable device for accessing a protected sys- 
tem by the user, comprising a microprocessor wherein the 

5 microprocessor means is further comprised of: 

a) a programmable memory means for storing 
previously recorded personal trait characteristics; 

b) means for storing personal trait comparison 
algorithms and personal trait update algorithms; 

10 c) computing means for utilizing the personal 

trait comparison algorithms for comparing personal trait 
characteristics inputted into the microprocessor means 
with the previously recorded personal trait 
characteristics stored in the programmable memory means; 

15 d) update means for updating the personal 

trait characteristics previously recorded stored in the 
programmable memory means with the personal trait charac- 
teristics inputted into the microprocessor means; 

e) output means for producing an output signal 

20 based upon the comparison made in the computing means 
between the personal trait characteristics previously 
recorded and a personal trait characteristic inputted into 
the microprocessor means to verify the identity of the 
user; and 

25 f) security means within the microprocessor 

means wher in access to the personal trait characteristics 
is protected and restricted. 
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10. A method of controlling access to a protected 
system by an individual, consisting of the steps of: 

providing portable storage means for storing 
personal trait characteristics of an individual; 

verifying the portable device upon input to the 

protected system; 

verifying the protected system by the portable 

device; 

measuring personal trait characteristics of the 
individual seeking access and inputting the personal trait 
characteristics into the portable device; 

comparing the personal trait characteristics 
inputted into the portable device with the personal trait 
characteristics previously stored in the portable device 
for determining the identity of the user; and 

signaling the protected system to enable or dis- 
able acceBS by the individual based upon the comparisons 
made. 

11. A method for controlling access to a protected 
system as recited in Claim 10 further comprising a step of 
updating the personal trait characteristics stored in the 
portable device by the personal trait characteristics 
measured and inputted into the portable device. 

12. A method for controlling access to a protected 
system as r cited in Claim 11 wherein the portable device 
is comprised of a card having a microprocessor attach d 
th r to. 
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13. A method for controlling access to a protected 
system as recited in Claim 12 wherein the card is plastic. 

14. A method for controlling access to a protected 
system as recited in Claim 13 wherein the protected system 
is a secure area or facility. 

15. A method for controlling access to a protected 
system as recited in Claim 14 wherein the protected system 
is a computer system. 
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